The stack can be 32-bit even in real mode, and in this case the stack pointer must be updated in its entirety rather than just the bottom 16 bits.
This is the testcase of https://gitlab.com/qemu-project/qemu/-/issues/1506 but there are other issues. Signed-off-by: Paolo Bonzini <[email protected]> --- target/i386/tcg/seg_helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/i386/tcg/seg_helper.c b/target/i386/tcg/seg_helper.c index 667b1c38696..41cd63ef3a1 100644 --- a/target/i386/tcg/seg_helper.c +++ b/target/i386/tcg/seg_helper.c @@ -1161,7 +1161,7 @@ static void do_interrupt_real(CPUX86State *env, int intno, int is_int, sa.env = env; sa.ra = 0; sa.sp = env->regs[R_ESP]; - sa.sp_mask = 0xffff; + sa.sp_mask = get_sp_mask(env->segs[R_SS].flags); sa.ss_base = env->segs[R_SS].base; sa.mmu_index = x86_mmu_index_pl(env, 0); -- 2.51.1
